Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

An anonymous reader writes "The NSA snoops traffic and has backdoors in encryption algorithms. Law enforcement agencies are operating surveillance drones domestically (not to mention traffic cameras and satellites). Commercial entities like Google, Facebook and Amazon have vast data on your internet behavior. The average Joe has sophisticated video-shooting and sharing technology in his pocket, meaning your image can be spread anywhere anytime. Your private health, financial, etc. data is protected by under-funded IT organizations which are not under your control. Is privacy even a valid consideration anymore, or is it simply obsolete? If you think you can maintain your privacy, how do you go about it?"

Unfortunately there's a couple of flaws in his plan:a) Facebook is busy asking other people things like: "Did you go to school with JohnVanVilet?" and they're all eagerly answering "Yes!!"b) They've figure out he lies so they're starting to 'confirm' every new account via. mobile phone.

In 3 letter agency circles the process is called "Traffic Analysis". Even if you use a prepaid SIM you toss away a few minutes later, the first time you reach out to anyone you've ever known, you cease to be unknown. Reach out to 3 or 4 people and it's game over, you're new identity is tossed in the same box as your old identity. Back to square one. The only way to hide from TA is to avoid exposure entirely. One person can keep a secret. Two people, not so much.

well sure, if you're a mafia boss handing out death sentences you might need to change the phone every 3-4 calls... if you just want to fuck with nsa change the phones and sims with your friends, maybe they'll make one single superperson out of you.

there's diminishing returns on that for advertising sites though, and if you want to appear online as yourself with some profile then people will somehow have to know it's you(or at least that it's your alias) anyways. it's not like some random website that uses

But I must say it becomes more of a PITA as time goes on. My Firefox install is so heavily modified it gives a lot of trouble...doesn't work with Slashdot at all anymore and I can't figure out why. For now I'm using a Chromium incognito window when I want to post a slashdot comment.

It is just why I always insist that any so-called Crypto Phone Program is basically worthless since any of them does nothing to hide a FACT of communication between specific persons. The 3-letter agencies need not know the conversation itself since they can always torture it out of your correspondent.

Now, I see some developments in this direction but all of them are quite far from fruition since every really anonymous protocol is by definition slow.

The typical internet user is unlikely to incur the wrath of the NSA or even law enforcement unless they are involved in crime or political activism. They may choose to hide on princible.

What they do have to fear is the casual background check.

For example: I loathe the catholic church. A bunch of homophobic superstitious idiots with ridiculous beliefs that even they have had to shy away from out of embarassment. Stuck-up people who claim to be the sole early authority on issues of morality, though apparently this includes sheltering a truely obscene number of child-molesters in their ranks from the public relations disaster of actually being caught by law enforcement.

My first job out of university was in IT support at a catholic school.

Now, imagine if I had been dumb enough to write the above under my real name somewhere? The school may very well have put my name into google to check if I have any skeletons, found something like the above, and decided not to offer me the job. I'd never have learned why, just gotten the 'your application was not successful' form letter, so it's impossible to say how often this happens - but with facebook and google requiring real names for an increasing number of social media concerns, this is surely happening with increasing frequency.

Hey, I'll one up that by saying "Don't have a fucking stupid social network account to begin with".You can quote me on that. I did.We're nerds, we really don't do social. Not within a structured environment anyway. Is/. not evidence of this?Go to town, look up the fly, see who am I, you can try, then wonder why. So many possibilities, so many degrees, so many fields, so many who would be fly, they are not I and I, aye? Eye think you misrepresent your abilities.

My concern is that the NSA has access to all of this kind of information about every citizen. Say that the president in 2021, whoever it is, starts accusing people that annoy him of terrorism and have them held indefinitely without right to trial. A number of citizens are displeased with this, so we decide to hold a rally against it. The NSA can instantly identify all of us, and subject us to the same fate. If a group of people spontaneously hold a protest, the president may not be able to get a group of 1

Assume that what you say or do in public is now, has ever been, and will always be public. That's not a new condition. Avoid doing or saying anything in public you'd be embarrassed for your Mom to find out about. Stay the hell off of "social media" sites; if you must (some employers strong arm for Linked-In), keep your footprint minimal, you activity low, your privacy settings maxed, and your ego in check. Immediately egress and abandon any "social," and every other site, that probes for information that makes you uncomfortable. Minimal internet presence is not only OK, but preferable to glaring and suspicion raising absence, because, be advised, methods for countering detection and targeting, including systemic traffic analysis, significantly include blending in with routine traffic. Although everything on the web is traceable and searchable, resources always have a pain threshold and imply a noise floor under which normal resources will not be routinely expended to engage without provocation or extraordinary need. Nothing can inoculate one from random occurrences of bad luck, malicious actors, or general misfortune; but, wise and moderate behavior reduces the odds. "Nail that sticks out gets hammered in." - Anon attributed as Japanese proverb

Nothing you do electronically is anonymous. I don't use the Internet, I don't make phone calls, and I don't do email. Ever. At all. I only pay cash (coins actually, because bills have serial numbers that can be tracked). And I certainly would never, ever, post anything online.

My private data does not leave my home network. I lack off site backups, but Google spies on all my email. I rarely bother with Tor, just enough to draw suspicion. Gee, maybe I should rethink some of this, but that sounds like work.

I think my issue here is the same as a lot of peoples: maintaining privacy requires you actually bother to do stuff. My categorical banning of all cookies, java script and browser plugins except for white lists is really the only effort I've put into my privacy.

I don't go around spamming private stuff on Facebook, but I still expose my reading habits to web servers, my ISP etc. I don't host my own sites, so I'm leaking lots of info about my users/readers to the hosts. I lack HTTPs support on most of my sites, so I'm leaking lots of stuff.

I've toyed with Tor hidden services (I made one), and bitcoin (I have some), but never actually done anything with them. I have a big interest in privacy, but generally I don't bother with it. Its kinda sad really.

We need better tools to make having privacy not be a sacrifice: it needs to be easy, and not lose you features, or even the people who care (like me) won't even bother. We are a long way from this, which in the purest sense isn't even actually possible (You have to lose some features if you have true privacy).

We need better tools to make having privacy not be a sacrifice: it needs to be easy, and not lose you features, or even the people who care (like me) won't even bother.

This. We also need to make it much easier to find out which tools/services are worth people's time, energy, and money. Even something as seemingly simple as intelligently choosing an ISP, VPN, email provider, etc. requires a massive investment in time to learn the basic technical aspects of each service & relevant features, scour the Web to find non-spammy reviews hidden among the SEOspam, compare prices & feature offerings... If a geek like me that already understands the technology and has a to

Your internal network is already compromised probably. They don't just watch, they hack, and plant backdoors (that can watch inside private networks, or potentially do more destructive things). That was their attack to the Tor network [slashdot.org], not inspecting its traffic, but exploiting vulnerabilities in browsers/plugins/etc, even spoofing for that sites like Slashdot and Linkedin [slashdot.org]

You should take it on yourself to educate them. Tell them about cheap VPN services and how easy they are to set up. I even give people cheap flash drives I bought of eBay and loaded with a portable version of the Tor browser bundle. I'm trying to figure out if a portable VM with Tails is possible.

I agree with you 100%. The issue I've found is that people are absolutely terrible when it comes to working with big numbers. Any chance of false positive is seen as a 1 in a million shot at best. People cannot comprehend how they could end up in that kind of situation, the chances are so slim. It seems to me many have forgotten the old saying that we're supposed to let 10 guilty people go rather than jail 1 innocent person since we're (the west) supposed to be a benevolent democracy.

As I usually say: every week there is someone who wins the lottery, and that chance is really, really small.

Do you comment on any forums to influence people?Do you vote? Do you think your vote is not interesting?Do you have relatives? Do you think they are all so bland and uninteresting?Do you work for a company? Does it make stuff in competition to other companies?Do you know stuff the NSA might find useful.

It's correctable. Just ask your congressman to make your everyday activity punishable. Here in Russia I read about 3 reports per day about people punished due to use of social networks to publish dissent with official national policy.

Mne chto, pokryt' tebya russkim matom, chtoby ubedit' v obratnom? I know about LG Smart TV. I simply don't watch TV since there is pro-Putin propaganda and stupid serials specially crafted to make Putin's electorate more controllable. The only satisfactory channel is "Kultura".

Soviet anecdote: Pet'ka comes to Chapaev (Chapaev was a famous Red commander during Civil war and a hero of lots of anecdotes).Chapaev: Pet'ka, why haven't you ironed your uniform?Pet'ka: This morning I turned on my radio and could re

I'm less worried about the likes of the NSA, and more worried about criminal gangs getting hold of my data and using it to make my life a misery through identity theft.

Anyhow, the way these things work is:
- Either a very small percentage of people are seriously affected by breaches in privacy, in which case I don't need to worry too much about it, or
- A significantly large number of people are seriously affected, so that it becomes a political issue and there's a push to do something about it.

what makes you think that 20 000 contractors wouldn't be a way for the information to leak to criminals or that 20 000 contractors wouldn't use in a fashion that would be criminal for anyone else?(you know, like using your identity to email hack someone else and you ending up as the fall guy...).

I think it's important to protect my privacy despite not having much they are interested in. I encrypt my harddrives, have my own domain with e-mail that I've set up with GnuPG on my workstation and laptop, I sometimes use the TOR bundle as well as a USB with Tails on it. The simplest thing is that I subscribe to https://www.privateinternetaccess.com/ [privateint...access.com] to get proxy/VPN access to the net. Also, setting Firefox up with HTTPS everywhere, DNTPlus, NoScript etc. is important.

It doesn't take much to make their jobs harder. I use these things also for everyday items, it's not like I fire up PIA to "go dark and do evil stuff". I've plenty of friends that don't see the point of doing what I do when what I use it for isn't illegal, but privacy means privacy from prying eyes, I decide what I share with others.

(1) They mix your traffic in with everybody else using the same proxy - when you are at home your IP address is generally yours alone, but with one of these proxy services there could be hundreds of people using the same IP address.

(2) You can easily switch between proxies. The service I use has about 20 proxies in the US alone. Whenever I do something where I have to explicitly hand out identifying information (like make a purchase with paypal) I

(1) They mix your traffic in with everybody else using the same proxy -

Once upon a time when the trees were green I logged to some VPN. Then I found the output proxy address of this VPN and entered

$ ssh this_address

- and logged into my own system. It means that this specific proxy does NOT mix any traffic. And BTW I don't fear NSA which supervises this VPN, I fear only The Party. And also if you think that The Party cannot separate your traffic from the mix - you are wrong.

The issue is you cannot protect your privacy directly from the NSA. They seem to have tapped communication between Google data centres, can request any information they wish from any company (Google, FB, your local ISB and phone provider, etc), so the only option is limiting the amount of data you provide. Interestingly I started taking the following steps even before the leaks simply because I became uncomfortable with the major corporations gathering my data and then changing their privacy policies at will. That's not how contracts are supposed to work, and disagreeing doesn't seem to have any effect. Once Snowden went public, my paranoia turned out to be justified.

In general terms, I do not share anything truly personal on a public forum. So on FB I never upload pictures, I do not share places I visit, and I do not provide a phone number. I just use it to set up events like Birthdays or nights out. I do not use twitter, foursquare, pinterest, instagram, myspace or whatever social fad of the day happens to be. It could be that in my early thirties I'm becoming a technology Luddite, but then I was never denied a job because my *insert questionable behavior here* is posted all over the net.

Google is a special case. I started using Gmail when getting invites was almost impossible, and Youtube when they were still independent. So giving up my Gmail account would be a VERY significant undertaking, especially since I couldn't come up with better alternatives (fast, supporting POP3, almost perfect uptime, and guaranteed not to shut down). But I never stay signed into Gmail outside checking my mail, I do not use G+, I stopped using YT while being logged in, and I search through DuckDuckGo. And if anyone can suggest a reliable email provider that is NOT Google, MS or Yahoo, I am all ears.

Getting to specific platforms, on a Windows 7 PC, I use Seamonkey with Adblock Plus and No Script. I also block all third party cookies. I'm also considering adding Ghostery to the mix. This takes care of most of the trackers, cookies, ads, etc. I have not used Linux on a desktop in years, and I am yet to touch Windows 8, so I can't comment there. I also never share my location, although it's pretty braindead to find out where my IP is located anyway.

On my smartphone, I run CyanogenMod without GApps, meaning no Google account, no PlayStore, no Google Maps, etc. You get the idea. Every single app on my phone is installed from F-Droid. I have a fully functional, OSS book reader (Cool Reader), browser (Firefox with Adblock Plus), map application (rmaps), email client (k-9). So my phone is fully functional for my needs without any connection to the Google servers. As before, I never share my location which on a smartphone does make a difference.

This is pretty much what I've done to avoid Big Data without using any functionality and giving up only a bit of convenience. Any suggestions for improvements are more than welcome.

I use Seamonkey with Adblock Plus and No Script. I also block all third party cookies. I'm also considering adding Ghostery to the mix. This takes care of most of the trackers, cookies, ads, etc.

Not Ghostery -- it has a dubious mission and works by parsing lists that are growing longer by the week. Try the Request Policy extension for Firefox. Request Policy is simpler. It blocks off-site requests and shows you a list of what each site is requesting. You'll learn just how much tracking is happening and you may begin to avoid sites that you used to trust.

The latest Firefox has a "click to play" feature. Type "about:config" and search for "click_".

I have not used Linux on a desktop in years, and I am yet to touch Windows 8, so I can't comment there.

You said "And if anyone can suggest a reliable email provider that is NOT Google, MS or Yahoo, I am all ears.". Look into Yandex (www.yandex.com). It's located in Moscow. I have been using it for a year now. It seems reliable to me. And the most important thing to me is that Yandex does ***NOT*** report to the NSA.

Anti-Spam, anti-virus, blacklists, security updates, and dealing with shit when it goes wrong?... and it only costs me a fiver to sign up for that grief?

Most real men have better things to do than administer a personal email server.

And to what end? When most of the personal email I get is from other people with gmail/hotmail/outlook/yahoo/or major ISP addresses... so the 'other half' of every conversation is just wide open anyway.

If you believe that anti-virus and security updates are really needed then you possibly believe that the program should have.exe extension to be executable. Throw away this belief. After this your only problem will be spam. And it's quite easy to fight. You just tell your important correspondents to include some keyword to header and tune your mail client to mark it as NOT SPAM. Every other mail is sorted by built-in spam filter of your client.

Anything I care to keep private, I don't put on the internet. That's about it.

The facebook spy system encourages others to post everything they know about you. People do that without any understanding of what they are giving away for themselves or for people they know.

This is bad from the simple example of so called friends making sure criminals know when I'm on holiday as well as my home address, to corrupt government spooks having access to everything that anyone ever wrote about me as well as a stream of up to date pictures.

That is the question I'd like to start with. Because I'd answer yes it is. I don't want my identity stolen, my economic future decided by whether my boss sees a photo a friend of a friend of mine posted 5 years ago to a social networking site I didn't join, or my emails to my ex-girlfriend read by anyone other than me or her. So if it is worth protecting, then when we realize "how can you protect your privacy" is really broken up into subdomains, and for many of those the answer is "right now you cannot", we have motivation to then ask "how can we change that?".

Security by obscurity is never a good thing. Basically, if you think that your door will never be kicked down because THEY don't know about your belongings - you are wrong. Your door should never be kicked down because it's strong enough. And while they kick you should have enough time either to shoot or to exfiltrate.

You live in your cardboard and sheetrock cabins - and think it's normal. The normal building is at least wooden one where you need a chainsaw to enter. Here in Russia the Police needs about a

The main thing I do to protect my privacy is not to use "free" services, such as Gmail, Hotmail for personal email. I maintain my own server which has a mailserver installed. This means that no-one except me (and anyone who manages to break in) can just access my email.I live in the Netherlands where ISPs are forced to keep "traffic records" of me. Because I'm an academic I get to use the academic ISP, which is not bound by that law, at least for Internet traffic. But having my own mailserver means that also my my email traffic is not monitored and can not be requested by the police. Furthermore, having your own mailserver and domain also makes it very easy to compartmentalise service subscriptions. Just make a new email address for each service.

I used to use Google Calendar, and Contacts but stopped with that since I discovered that OwnCloud is a really decent private drop-in replacement that you can host yourself.

I use many different privacy plugins (Ghostery, Adblock, etc.), while being aware that this makes my browser ID somewhat unique and identifiable. At least I'm making it harder for them.

I don't use my real name on the internet.
This is no small thing, because Facebook will throw you off their network for using a fake name, and while I find facebook to be ubelievably drab and awful, I suffer a penalty in relationships from not being on it, since nearly everybody I know has some kind of presense on Facebook, I'd rather not trust the NSA with my personal information, but since i am not a criminal, the potential negative consequences involved are finite. I could be harassed for my views, though they're not particularly extreme, or falsely accused of a crime,
But there are a billion people on the internet, and they've got a billion agendas, and i know from experience that some of them can truly be evil motherfuckers. There's no sense in trying to measure or aniticipate what can happen, what they're going to individually decide or figure out. I'm probably safe. I'm a 55 year old male with not much money. Nobody's going to want to stalk me for anything, but I refuse to participate in this crazy experiment whereby we turn down the privacy settings for civilization, and see who thrives, and who gets hurt. Zuck you, Fuckerberg!

Your best bet is a thick layer of data that defines you as normal, therefore boring.

Worried about ID thieves?

Try to minimize the number of online retailers you do business with, or credit cards you have - but do keep at least one throwaway card it's really easy to just drop in case it's taken over, for transactions you don't quite trust.

Worried about purchases being tracked back to you? Use cash.

Basically it's not good enough to be worried about "privacy", the term is too all encompassing. Instead start to think about who exactly you are worried about getting what and minimize that risk.

You say you would let Google go through your photos... What about your email? What about your documents, your phone calls, your home. How about the government bring you in for questioning once and a while, just to make sure you are a good citizen... Where does it stop? Where do you draw the line and say "no more".

That's a slippery slope fallacy, and it can go the other way as well. What if we keep police from looking for (whatever criminal), then it spreads and pretty soon no criminal will ever be stopped. We will live in a society of lawlessness because people can do whatever they want without fear of retribution.

It sounds silly, but so does your argument. "If you take the tasers away from policemen, soon enough there will be no policemen."

...at least in this day and age. The trick is to remember that any information that is recorded to any form of media, can be stolen, copied, or given away. If you want to maintain something in privacy, it can't leave your head. You can't write it down, or draw, or paint the idea. You can't make a tape of it or a video of it. You can't say it to your lover or spouse.

Of course that makes it incredibly difficult to act on what you maintain in privacy, but that is more of a problem of getting others to work with you in suport of that idea.

There is a presumption of privacy codified in law, however that presumption does not seem to be all that relavent to our current state of govornment or business, so you are pretty much stuck with what you can control. At the moment that's pretty much restricted to what's in your head.

Tor and Bitcoin seemed to be particulary resistant to their efforts (other encryption protocols, not so much), but your ecosystem is not just your network, sites you visit [slashdot.org] could be used to plant backdoors in your system (and if your browser is safe enough, what about your flash player?).

This is not just about privacy, is also about having installed in your pc/network government's malware under the control of criminals (that work/had worked for the government or bought it from one of them)

Thats always been the NSA/GCHQ way. They get to the US/UK brand, leadership, developer and ensure their tame firm always wins.
Price, gov support, removing real competition, giving 2-3 "selections" internationally.
The method that they can turn to plain text or track or decode becomes the standard. No need to break anything if the world uses your code generation after foolish generation:)

Here's some nice tips which won't ultimately solve the problem but which will greatly improve your privacy.

1) Use common sense. Try to imagine which routes your data will take and which providers will it meet. Will those parties snoop on your data (datamining or wiretapping)? What kind of privacy policies do they have?

2) Use encryption in as many places as you can. HTTPS and IMAPS are good start.

3) Do not put important data into services provided by Google, Facebook or other datamining companies. If possibl

Not just your operating system, this site [prism-break.org] gives you safer alternatives for most of what you use.

And maybe could be interesting to put your perimeter apps in disposable/restorable boxes, either vms with snapshots or containers [github.com], so even if they are hacked you have an easy restore point or even detection that it happened.

The government snooping around doesn't bother me all that much, as while it might be a waste of money, it really doesn't affect me. It's just dead data sitting around on some NSA server. There is more interesting stuff to read then my email. What I am bothered by is the leaking of private data that happens all over the place, things like the people you follow on Twitter or Youtube being publicly visible information. Why exactly does every modern social webpage treat what are essentially bookmarks as public information and publishes it to the world? Why is everybody just accepting that and not complaining about? You can't even switch it off most of the time. I find that incredible annoying and avoid any service that does that when I can. I don't have much of a problem with my information being out there, but at the very least a service should make it very clear what kind of information is public and what is private and modern services don't really do that.

Another thing I have a real issue with is the starting pervasiveness of requiring real life authentication to log into a webpages. Mobile phone numbers started as just a way to get your password back, but now quite a few webpages are requiring them and Google+ and Facebook have their real name requirements. Furthermore there are more and more webpages that only allow you to access them via your Facebook or Twitter login, not via a webpage specific account. So once Facebook or Google switching on the requirement for a mobile phone number or real name and enforce that, that means your real life identity is linked to a ton of a webpages and you can't stop that from happening unless you completely avoid that webpage, as even Tor doesn't give you a free anonymous mobile phone number.

The government snooping around doesn't bother me all that much, as while it might be a waste of money, it really doesn't affect me. It's just dead data sitting around on some NSA server.

Until the day that Grumbel decides to run for Congress, on a platform of returning the protections guaranteed by the Constitution against the encroachments of the NSA. All sorts of "dead data" suddenly comes to life out of context like so many zombies.

The government snooping around doesn't bother me all that much, as while it might be a waste of money, it really doesn't affect me.

Yeah, it doesn't affect you (Well, it affects your freedoms, but those are worthless, so who cares?), so it doesn't matter. If the government uses all this data to abuse other people, it doesn't matter since it's not happening to you. The fact that the government can change the rules, misinterpret the data, and use it to harass virtually anyone doesn't matter at all.

- I am making an effort - both privately, and for the companies I consult with, to move away from US-based services. This is a long-term strategy, as changing company infrastructure can take time.

- Encrypt everything. It take a bit of work, but you can set up encryption so that it is transparent to the casual user. Just as an example, with EncFS you can automatically and transparently encrypt data you store in the cloud. The user sees the unencrypted version, but the encrypted version is synchronized with the cloud.

- Teach people about password managers like KeePass. Get people to use long, cryptographically difficult passwords. Bonus points: copy-paste out of a password manager eliminates over-the-shoulder observation, keyloggers, passwords written on post-its, etc.

Come on, you're asking the wrong question!The sun doesn't revolve around you or me.Those here who answer "I don't care" are halfway right.None of us will be betrayed by Google or Amazon - that's bad business.NSA won't post your private stuff or steal your money - they just want to do their job, damn the consequences.

However, after the next economic depression and mass unemployment, or after the next great war,when we elect our Führers, or support revolutions ending in a totalitarian states,they will find it convenient that our governments have built the infrastructure for their tyranny.

To answer the question that your should have asked:* Voice your opinion.* Support EFF https://www.eff.org/action [eff.org] and similar organisations.* Contact your representative.* Vote with your head and your heart - not your wallet.

1. Fill your ISP logs with TrackMeNot http://cs.nyu.edu/trackmenot/ [nyu.edu]
2. Know the US brands that willingly and knowingly helped the NSA and run any different OS/file systems.
3. Learn to think like a protester in 1980's Eastern Europe. Just keep been political active and know its all been filed, linked, watched, tracked, logged.....
Voice print, face scanning, OS, telco, ISP, cell tower tracking.. how many millions is been created/printed and spent on overtime and "cleared" contractors per person
4. Pay

My current solution is:
- NAS (QNAP) at home with various apps
- Exposure towards the internet is SSH, VPN and https (with self-signed certificate)
The only weakness in this scheme is possible flaws in SSH, OpenVPN or SSL. Ignoring those, whatever I do remotely on my NAS is for my eyes only. Accessed through either my smartphone (n900) or debian based linux systems.

Resist, lobby congress, join the EFF and start to use techniques to minimize exposure. Also push on your locally elected officials to enact a privacy first approach in their dealings because they're the ones who approve license plate scanners, red light/speed cameras and other little conveniences to generate revenue. In my city we've outlawed red light cameras but the police have license scanners on a lot of their cars, so we're working to get deletion/retention policies enacted. Also, de-Google and de-F

We've seen a lot of this propaganda in the past years and I refuse to believe it. What I mean is the attempt to spread a meme that says "post-privacy" or "privacy is done for anyways".

Look who the proponents of this meme are. Always, always the people who want it to be the case - Zuckerberg, government spy units, advertisers.

No, the battle isn't over while one side still fights. And there is quite a lot you can do to maintain your privacy. And like everywhere, there's a law of diminishing returns, which means the first steps, that bring you a ton of privacy back, are really, really easy.

Step No. 1: Don't post all your life to Facebook, Instagram and Twitter. Security researchers have demonstrated years ago how from that data alone they can create extensive profiles on you, including movement data that police would need a search warrent for your mobile provider for.

Step No. 2: Keep your secrets secret. If you want to share them with someone because you just have to talk with someone about the guy you murdered last week, or the hot chick you cheated on your wife with last month, or how you really hate your grandma even though you always play nice at the family events because she's rich - or whatever is on your conscious, do it in person, face-to-face only.

And that's about it. 80% of your privacy restored right there.

Whine about the NSA all you want, but if I can reconstruct where and with whom you have been with at what time on which day from your social media data, the biggest threat to your privacy is yourself.

Use multiple vendors located in multiple countries. I use Google translate, which reports to the NSA. My e-mail is Yandex, which is in Moscow and reports to the KGB. The NSA and the KGB don't talk to each other. I can use a search engine in Europe which does not talk to either. Bejing is my next market to shop at; what does China offer in the way of Internet services? Everywhere you go there will be someone watching you, but if you travel around it is different watchers. The Internet is GLOBAL - spread your

A few commenters have suggested that they have nothing to worry about because they let no "sensitive" information out onto the web.

Sorry to break it to you, but the world is not fair. People are sometimes framed or kangaroo-ed into apearing guilty of something when they are clearly not (I have had it happen). Sometimes, various authorities need to catch someone to hang blame upon for some crime. I've even heard cops tell a public defender, "We know he didn't do it, but we know he's a bad kid, so we got him."

Also, numerous (unregulated) consumer-monitoring agencies scrape up everything from public databases, buy lists from shops, service providers, your bank, your phone company, your credit card company, and your grocery "club card," sold subscriber lists, and so on. All of this data is correlated based on a few unique or semi-unique identifiers such as full name, SSN, phone number, credit card transaction number (it's illegal to track by CC #, but they get around this.), bank and account's last-four digits, addresses, and so on. This approach does produce some viable correlations, but typically yields "profiles" that are rife with errors.

HR departments use reports from these aggregators as if they were 100% accurate. There is no law in place that will allow you to opt out, to see their entire file on you, or to correct errors. There are anecdotes of people searching months for a job, only to find out at some point from an interviewer that, "you have XXXXX crime in your profile," even if you don't have a record. I once had collection agencies coming after me from Time-Warner Cable for bills on a Texas account — I have never lived in Texas, but the burden of proof was on me.

Despite what the aggregators would have everyone think, names are not unique. Phone numbers are not unique, as they are recycled. Email addresses are often not unique, as they are recycled.

Like it or not, there are many profiles on you that are beyond your access, and the law has not yet caught up with these practices.

There are two levels of private here. There's keeping things private from potential employers, friends, family, associates and so on and there's keeping things private from the NSA, GCHQ, Chinese Government and so on. The average guy or girl has absolutely no hope of keeping their online dealings private from the latter. From the former, you don't so much keep them private as be a bit circumspect when making use of the internet, your mobile phone and so on.

So far over the last 10 years I've had 1 credit card attempted theft (tried to transfer £4,000 out of it, bank caught it as "suspect" so it didn't happen) and I've had 2 email accounts hacked and used to send spam. Of the latter, the problem was weak passwords. I now have a "system" for passwords and none are weak, but that doesn't mean the NSA and GCHQ can't still read them. I have no intention of fighting a room full of Mathematics PhDs for my data.

Even if you get the NSA to stop doing this through political action, the Chinese, Russians and so on will still be doing it.

You live two lives. One is an ordinary, boring life that you don't mind the NSA finding out about. The other is as secretive as possible. No using credit cards. Nothing that requires ID. No flying, no buying alcohol.

One obvious problem with this is withdrawing cash. You have your public life, and the NSA sees you going to an ATM and grabbing $450, then it sees a transaction for $447 with an unknown person -- that's evidence linking your private identity to your public one. This is ameliorated if your public

It's been deemed acceptable to gather data on the entire population - though still illegal.Proportionally, it's acceptable to gather data on everyone in any position of power. Though still illegal.It's the only way to even the game.

Won't happen or it'd be illegal to forget to charge it or forget it at home. Assuming you want or need to be carrying it around most of the time it's more effective as a screening device, if you are going to a clandestine meeting and five others also happen to have their cell phones go dark at the same time that's a pattern, particularly if it repeats itself. If you're normally online it's probably better to leave it turned on at home, in which case they'd need to look for secondary clues you aren't actuall

I use Retroshare. Similar thing IM-wise, encrypted messaging, but it also has some excellent file searching/browsing/transfer capabilities (Great for those with a healthy disrespect for copyright), runs fully decentralised (Great for those in more repressive countries where IM software servers are blocked) and can also handle decentralised forums and mail transfer.